Solved

.pem path and payment processing with First Data Global Gateway and yahoo business hosting

Posted on 2009-04-07
8
3,125 Views
Last Modified: 2013-11-29
Hi all,

I am working with a client to handle payment processing using PHP, curl and First Data Global gateway (linkpoint) payment processing. I have a simple test file for processing the posted data which sends an XML file and returns results. This is an example provided by the payment processor for testing. I dont receive a response on the post. The client is using yahoo business hosting and I know one potential issue may be that port 1129 is not open which is required. That I understand.  What Im not sure of is the path for the required .pem file? Is this the .pem for the cert that yahoo uses or a file provided by the payment processor which i have to put on the server?

Not sure if anyone has dealt with this payment processor and more specifically with yahoo business hosting.

These are the required values.
$myorder["host"]       = "secure.linkpt.net";
$myorder["port"]       = "1129";
$myorder["keyfile"]    = "./YOURCERT.pem"; # Change this to the name and location of your certificate file
Sample of the file that handles the POST, it works but the response values are not returned. And yes I am including the lphp.php file.

 

<?

echo"<html><head><title>PHP_FORM_MIN.php LinkPoint Sample </title></head><body><br>";

 

/*

<!---------------------------------------------------------------------------------

* PHP_FORM_MIN.php - A form processing for linkpoint 

------------------------------------------------------------------------------------>

*/

	include"lphp.php";

	$mylphp=new lphp;

 

	# constants

	$myorder["host"]       = "secure.linkpt.net";

	$myorder["port"]       = "1129";

	$myorder["keyfile"]    = "./YOURCERT.pem"; # location of your certificate file 

	$myorder["configfile"] = "1111"; # This is would be the clients assigned store ID. 

 

	# form data

	$myorder["cardnumber"]    = $_POST["cardnumber"];

	$myorder["cardexpmonth"]  = $_POST["cardexpmonth"];

	$myorder["cardexpyear"]   = $_POST["cardexpyear"];

	$myorder["chargetotal"]   = $_POST["chargetotal"];

	$myorder["ordertype"]     = $_POST["ordertype"];

 

	if ($_POST["debugging"])

		$myorder["debugging"]="true";

 

  # Send transaction. Use one of two possible methods  #

//	$result = $mylphp->process($myorder);       # use shared library model

	$result = $mylphp->curl_process($myorder);  # use curl methods

 

	if ($result["r_approved"] != "APPROVED")    // transaction failed, print the reason

	{

		print "Status:  $result[r_approved]<br>\n";

		print "Error:  $result[r_error]<br><br>\n";

	}

	else	// success

	{		

		print "Status: $result[r_approved]<br>\n";

		print "Transaction Code: $result[r_code]<br><br>\n";

	}

 

# if verbose output has been checked,

# print complete server response to a table

	if ($_POST["verbose"])

	{

		echo "<table border=1>";

 

		while (list($key, $value) = each($result))

		{

			# print the returned hash 

			echo "<tr>";

			echo "<td>" . htmlspecialchars($key) . "</td>";

			echo "<td><b>" . htmlspecialchars($value) . "</b></td>";

			echo "</tr>";

		}	

			

		echo "</TABLE><br>\n";

	}

?> 

 

</body></html>

Open in new window

0
Comment
Question by:binovpd
  • 4
  • 4
8 Comments
 
LVL 31

Expert Comment

by:Paranormastic
Comment Utility
I don't know about this file specifically, however you can try doing this and it might shed some light on things for you to find out for yourself.  If you run the cmd:

certutil -dump %path%\YourCert.pem | more

you should be able to look at the subject name (probably your company/server) and the issuer name (may be yahoo or credit card co, or a commercial CA), and some other information that may be useful if these two fields don't show anything.  Not a guarantee, but this turns of useful information more often than not.
0
 

Author Comment

by:binovpd
Comment Utility
Hi Paranormastic,

Thanks for the reply.  The problem is that I don't have command line access.  This is a hosting account with yahoo. I don't have full access to the machine just ftp.
0
 
LVL 31

Expert Comment

by:Paranormastic
Comment Utility
are you able to use FTP to get to that PEM file to copy it to your workstation where you have access to cmd?
0
 
LVL 31

Expert Comment

by:Paranormastic
Comment Utility
Or at the very least if you could open it up in your browser or a text editor on the server - something like that were you can see the encrypted garbage - if you can do that you can copy/paste into notepad (not word/wordpad...) including line breaks and save that to file.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:binovpd
Comment Utility
Yes I do have ftp access, but I have no idea where the pem file is located?
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 125 total points
Comment Utility
Hmm Looked at their FAQ - not to be critical but its kinda poorly written, imho..

http://www.firstdata.com/support/faq/global_gateway.htm
View:
What is a digital certificate and how do I receive one?
A digital certificate is a key used on the Internet to identify a company or organization and secure transactions between two parties. When you sign up for the Global Gateway API service, you receive a digital certificate. The Global Gateway API software uses this certificate to send SSL-secured payment transactions to the gateway service.

The certificate you receive with the First Data Global Gateway API solution is used ONLY for these specific API purposes and does apply to your overall Web server environment. You will also need to obtain a digital certificate from a certificate authority in order to secure your Web server. Your Web server should be properly secured whenever collecting sensitive information from your customers.

How do I install the digital certificate?
 
While the installation is fairly simple, it varies depending on the scenario. Basically, you need to copy the digital certificate on the welcome letter as a whole; do not break up the RSA and the Certificate-copy it in one piece.

Follow these instructions carefully:

Start copying exactly at the first dash of -------Begin RSA and end exactly after the last dash of END CERTIFICATE----- with no extra spaces included.
Paste it in a text utility and save the file with a .Pem extension. We recommend you use the store number.pem; e.g., 1234123456.pem.
Review the file name to ensure it has a .pem extension. Make sure you computer view displays all file extensions with no hidden extensions (1234123456.pem.txt will not work). In the Windows® operating system, under My Computer, select View- Options-View (tab) Hidden files -mark the Show all files and uncheck the box for Hide file Extensions for known file types).
If you have a hosted site, you will need to find out from your Web hosting company the directory and folder to which you must upload the file via FTP. Some hosts have an area located in the shopping cart where you copy and paste the file instead of using FTP.
If you host a site on your own Web server, then the file needs to go in the file system where your Web server can access it.

Their support # is 1-888-477-3611 and email globalgateway.support@firstdata.com

0
 

Author Comment

by:binovpd
Comment Utility
Paranormastic I think I'll have to call the gateway provider.  it sounds like they provide the pem file and then I have to upload it to our server. I really appreciate your help on this. I assumed the pem was the cert already on the host for providing SSL which i do have through the yahoo hosting but no info regarding the pem location.

I'll call, post what I find out and reward points to you.
0
 

Author Closing Comment

by:binovpd
Comment Utility
Paranormastic thanks for your help. I called the payment processor. The .pem file they require has nothing to do with the hosts SSL cert which is what I was thinking. The payment processor will provide you with a .pem file which you must upload to the server. Then in my Curl definitions I would specify the path to that file.

0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
E-commerce is quite a gambling world, and you should never entrust your business to a lucky chance. In order to outrun your competitors in a race to attract as many customers as possible, you need to have a well thought-out strategy under your belt.…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now